Lucene search

K
cvelistOpensslCVELIST:CVE-2018-0734
HistoryOct 30, 2018 - 12:00 a.m.

CVE-2018-0734 Timing attack against DSA

2018-10-3000:00:00
openssl
www.cve.org
1

6.1 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.6%

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).

CNA Affected

[
  {
    "product": "OpenSSL",
    "vendor": "OpenSSL",
    "versions": [
      {
        "status": "affected",
        "version": "Fixed in OpenSSL 1.1.1a (Affected 1.1.1)"
      },
      {
        "status": "affected",
        "version": "Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i)"
      },
      {
        "status": "affected",
        "version": "Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)"
      }
    ]
  }
]

References